Modern network computing allows great benefits by sharing information and computing resources. As an example, information is transmitted within networks between server computers and client computers in response to requests by the client computer's application. Networks have become widely used resources for information transfer.
Public networks such as the Internet have progressed and proliferated markedly in the recent past. This progression and proliferation allows public networks to offer the advantages of substantial resources, including a well developed physical infrastructure, widely used protocols, and established, experienced management.
Despite their near ubiquity and substantial advantages, public networks in recent times have proven somewhat vulnerable to security problems, such as hacker intrusions, prying, spying, and outright attacks, as well as the propagation of harmful viruses, nukes, worms, Trojan horses, and the like. Almost all public network users share exposure and varying degrees of risk to such problems.
Private networks have also developed. Private networks offer some advantages such as a higher degree of security than possible on public networks. For this reason among others, some network users have found private networks preferable to public ones in some circumstances and/or for particular networking applications.
Private networks, however, often lack the infrastructure and other resources of public networks, and thus sometimes lack their substantial capacities and capabilities. The more recent development of the Virtual Private Network (VPN) overcame this private network paucity. Accordingly, the VPN has attracted the attention of users seeking the advantages of private networking.
A VPN utilizes a public network such as the Internet as a backbone for a private interconnection between computing locations for information transfer. A VPN appears to its users to be a private network. However, transfer of information between users of a VPN takes place over the same backbone trunks and other resources of the public network used by others.
A VPN uses access control and encryption technologies to achieve the security inherent in private networks while taking advantage of the infrastructure, economies of scale, and established management resources of public networks. The VPN establishes in effect a secure ‘tunnel’ for the transfer of information between the authorized users.
Information transferred between the users is encrypted, and the VPN is firewalled. Access is restricted to authorized users, who must provide a valid password. Some users employ a Utility Data Center (UDC) to provision network resources, such as, but not limited to, servers, firewalls, and VPN devices, for the clients of a single user or set of users. Such a set of resources is called in some circles a ‘farm’.
Provisioning entails assigning resources to a farm, such as but not limited to servers, firewalls, and VPN devices. Essentially, the farm is a collection of these resources, which can be wide ranging. The farm is connected to the network, which itself is unprotected relative to the farm. But the VPN secures point-to-point communication with the farm, because the farm is configured across the secure tunnel through the network accorded by the VPN.
A VPN is a configurable device, which allows flexibility in defining authorized users, how the tunnel is set up, and other aspects. While VPN vendors typically implement the tunnel and other network aspects using a particular protocol, such as Internet Protocol (IP), they do so in their own specific ways. ‘Defaults’, for instance, may vary, among other things.
Provisioning the farm conventionally involves intensive manual programming of individual device settings to configure a tunnel that facilitates a VPN connection from a remote data center (e.g., a client) to the utility data center. Thus, when a user requests a VPN in their farm, the VPN must be configured manually.
The tunnels must be manually established for the user to connect securely to their farm on a first connection. For instance, a network administrator must conventionally allocate a device by actual access and setting. While networking information may be available from software, device configurations must basically be made individually and manually. The requirement for manually configuring a VPN can be problematic for several reasons.
In racks of servers functioning as VPNs, for instance, a user's request can require the allocation of a number of the servers, 10 for example. All ten must be manually configured, every single one, which is not always a simple, quick, and easy task. This need for manual configuration can be problematic because it can be tedious as well as laborious and error-prone, which can combine to make it somewhat expensive.
Besides configuring device settings, in some operating data centers a customer request for a VPN and related resources such as servers can require significant labor and material resources. For instance, configuring some such installations (a rack, for example) to perform a particular function can require a technician to physically move servers and other resources and to custom wire the required cabling by hand.
Further, security aspects can pose an issue with manual configuration. For instance, initially, the configuring administrator is privy to information sensitive to the user's network security, such as private Internet Protocol (IP) addresses and a password. Ideally, after a first pass, a user should privately change such security sensitive information. However, lapses occur and sometimes this security measure does not take place. The administrator may thus retain know-how for gaining unwelcome further access to the farm.